
Securing JMS message-driven-channel-adapter

Oct 22nd, 2010, 08:52 AM

I am using a message-driven-channel-adapter to read messages off an MQ queue, and this has been working fine in development. Now, in preparation for the first production release, I have to read a secured queue instead.

What do I need to do?

I think I need to make sure the following are set as system properties, but with what values?

I spent a few hours just yesterday sorting this out.
This is what you need to do:
1) Use keytool to generate a truststore. Follow those steps and also remember the truststore password, because you will need this.

2) Grab binary der format certificate from your bus administrator.

3) Use keytool to import that certificate into your truststore.

4) You can ignore the keystore if you don't want mutual authentication.

5) To begin with, set these system properties. If everything works, you can set them in your application startup script like catalina.bat.
javax.net.ssl.trustStoreType=BKS
javax.net.debug=ssl
javax.net.ssl.trustStore=c:\keystore (this, you need it from step 1)
javax.net.ssl.trustStorePassword=<<password>> (again from step 1)